This is a beginner’s guide to the different ways hackers can exploit WordPress. We will exploit WordPress core itself and explain how every exploit works. We’ll go back in time (it will really feel like the early 2000s when we break out the old WordPress themes) and take the audience through 3 different vulnerabilities in WordPress 2.2, 3.1.3, and 3.5; use each one to wreak havoc, and then show how core contributors fixed them. Finally, we’ll look at how what we’ve learned from the past can better prepare us to secure our sites in the future.